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“Errors,  like  straws,  upon  the  surface  flow; 

He  who  would  search  for  pearls  must  dive  below.’’ 


Dryden,  All  for  Love,  Prologue 


ABSTRACT 


This  report  discusses  problems  encountered  with  control  networks  in  highly  restructurable  digital 
systems.  In  particular  the  treatment  of  implementation  errors  is  covered  with  emphasis  on  concurrent  processing. 
The  lmplementetion  of  concurrent  processing  :  eiworks  may  result  in  errors  which  will  be  quite  complex  to 
detect  and  systematic  methods  are  warranted.  A  model  representing  a  particular  type  of  computing  system  is 
presented,  and  methods  for  introducing  concurrent  control  into  the  model  discussed.  The  automatic  detection  of 
a  certain  class  of  errors  caused  bv  improper  design  of  these  systems  is  investigated.  Graph  theoretic  repre- 
sentation  is  employed  in  demonstrating  severa1  error  detection  techniques.  The  properties  of  these  techniques 
are  compared  and  it  is  concluded  that  one  technique,  of  those  investigated  is  of  sufficient  generality, 
thoroughness,  and  s  mpliciiy  in  implementation  to  be  used  for  automatic  error  analysis. 
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ANALYSIS  OF  IMPLEMENTATION  ERRORS  IN  DIGITAL  COMPUTING 
SYSTEMS  SUPPORTING  ASYNCHRONOUSLY-CONTROLLED 
CONCURRENT  PROCESSES 


1.  INTRODUCTION 


This  report  is  concerned  with  digits!  computing  systems  supporting  asynchronously-ccntrolled  concurrent 
processes.  Systems  of  this  variety  present  a  departure  from  techniques  of  convent' j.iai  usage.  Certain  methoda 
may  be  u>ed  to  provide  explicit  concurrent  control  in  these  systems.  If  the  methods  are  incorrectly  applied,  e 
number  of  different  errors,  which  are  unlike  those  encountered  in  conventional  systems,  may  result.  Presented 
here  is  a  discussion  of  explicit  concurrent  control  methods  and  an  investigation  of  techniques  for  automatic 
detection  of  errors  introduced  in  using  these  methods.  Several  solutions  are  demonstrated  and  their  relative 
merits  evaluated. 

1.1  MOTIVATION 

The  desirability  for  increased  speed  in  computer  systems  has  focused  interest  on  tvo  major  areas: 

1.  Digital  electronics 

2.  Computer  organization 

In  the  first  area,  the  goal  is  development  of  electronic  switching  networks,  ferrite  core  memories,  and  other 
components  capable  of  operating  at  extremely  high  speeds.1  The  second,  which  is  largely  independent  of  the 
first,  involves  efforts  toward  the  effective  usage  of  existing  components.  It  is  this  latter  area  which  will  be  of 
concern  here. 

1.2  ASYNCHRONOUS  CONCURRENT  MODE  AS  COMPARED  WITH  OTHER  MODES 

1.2.1  LEVELS 

Before  determining  whether  a  particular  computer  falls  into  the  asynchronous  concurrent  category,  the 
qualification  of  level  must  be  made.  Three  levels  will  be  considered: 

1.  The  logic  level 

2.  The  organizational  level 

3.  The  program  level 

The  logic  level  is  that  at  which  the  elementary  entities  are  gates,  flip-flops,  clocks,  etc.  The  organiza¬ 
tional  level  has  as  elements  registers,  memories,  and  other  units  constructed  of  logic  elements.  It  may  also 
include  arithmetic  units,  input-output  controllers,  or  even  an  entire  processing  unit.  At  the  program  level  the 
elements  are  instructions  written  in  a  sequence  which  describes  the  operations  to  be  perfo’med  by  a  computer. 

1.2.2  SYNCHRONOUS  VERSUS  ASYNCHRONOUS 

Synchronous  means  that  operations  are  controlled  by  a  clock  with  a  fixed  period.  Processes  at  the  logic 
level  in  most  conventional  computer  are  synchronous.  The  reason  for  this  is  that  at  the  logic  level,  synchronous 
control  is  easier  to  use  in  design. 


Contrarily,  at  the  protram  level,  processes  usually  operate  asynchronously.  The  execution  time  of  in¬ 
teractions  in  most  computers  varies  depending  on  the  type  of  operation  or  thr  amount  of  data  being  manipulated. 

1.2.3  SERIAL  VERSUS  CONCURRENT 

Concurrent  means  that  processes  occur  simultaneously,  while  serial  implies  one  process  proceeding  after 
another  in  a  particular  order.  In  contrast  to  the  examples  in  the  previous  section  for  conventional  computing 
system- ,  a.  I  t  logic  level  concurrent  processes  do  occur,  while  at  the  program  level  ‘'ey  do  not.  Some  qualifi- 
tba  needs  to  be  made  concerning  the  latter  statement.  Most  contemporary  computers  do  provide  for  concurrency 
of  input  and  output  operations  with  other  ypes  of  operations-  However,  the  program  generally  does  not  have 
absolute  control  of  these  operations.  It  tnay  be  said  that  the  programmer  does  not  normally  have  the  option  of 
explicitly  declaring  concurrency. 

1.3  DOMAIN  OF  INTEREST 

The  processes  to  be  considered  in  this  research  will  be  entirely  at  the  organization  or  program  levels. 

A  model  will  be  proposed  which  is  adequate  for  the  representation  of  processes  at  either  level  and  its  applica¬ 
bility  to  existing  computers  demonstrated.  The  model  is  particularly  suited  to  organization  or  nrograinming  of  the 
class  of  computers  originally  proposed  by  von  Neumann3,  in  which  the  greater  percentage  of  existing  computers 
are  included.  No  attempt  is  made  to  show  its  adequacy  for  various  computers  such  as  SOLOMON3,  the  Holland 
Machine4,  und  other  computers  which  are  described  as  highly  parallel,  distributed  logic,  etc.  For  a  cross  sectional 
description  comparing  various  types  of  concurrent  processors,  see  Murtha5. 

1 .3.1  HISTORICAL  DEVELOPMENT 

Examination  of  the  characteristics  of  computers  since  the  first  large-scale  computer,  the  Harvard  Mark  1 
Calculator6  in  1944,  yields  an  interesting  picture  regarding  concurrent  processing.  The  successor  to  the  Mark  1, 
the  EN1AC  (Electronic  Numerical  Integrator  and  Computer)7,  was  capable  of  sustaining  concurrent  processes. 
This  feature  vxs  made  possiU.  by  the  use  of  wired  programs. 

With  the  introductions  of  EDVAC  (E'ectronic  Discrete  Variable  Automatic  Computer)3,  which  was  the  first 
stored  program  machine,  problems  with  the  control  increased,  and  thus,  attention  was  drawn  away  from  concurrent 
processing. 

As  the  use  of  electronic  computing  increased,  it  became  apparent  that  certain  functions  of  a  computer,  e.g 
multiplication,  division,  certain  input  and  output  operations,  consumed  a  disproportionate  «n?ount  of  time  in 
comparison  to  other  operations.  Consequently,  during  o-erations  such  as  these,  part  of  the  components  of  the 
computer  remained  idle.  This  renewed  interest  in  applying  asynchronous  control  and  concurrency  to  more  effective 
utilization  of  this  idle  time.  Several  machine*  then  appeared  which  allowed  multiplication  and  division  to  proceed 
simultaneously  and  autonomously*.  Another  step  was  the  introduction  of  an  input-output  overlap  feature  in  the 
UNIYAC  I.  This  feature,  which  allowed  input  and  output  operations  to  proceed  autonomously  and  concurrently 
with  a  program,  is  present  in  most  commercial  and  scientific  computers  presently  manufactured.  This  idea  was 
then  extended  to  permit  other  types  of  instructions  to  be  executed  simultaneously  by  the  interconnection  of  two 
or  more  computers. 

1.3.2  CURRENT  RESEARCH 

Currently,  many  existing  and  planned  computer  systems  are  incorporating  concurrent  asynchronous  control. 
Unfortunately,  few  of  these  allow  explicit  specification  of  concurrency  at  '  program  level,  and  some  give  this 
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privilege  to  a  supsrvisory  program  only. 

At  the  organizational  level,  the  trend  toward  more  flexibility  and  modularity  of  units  has  offered  a  growing 
opportunity  for  development  of  new  approaches  for  concurrent  structures.  The  fixed- plus- variable  computer 
proposed  by  Estrin*  was  a  major  step  in  this  direction.  Estrin  suggested  that  a  standard  computer  be  combined 
with  a  network  of  computer  components  under  common  control  of  a  supervisor.  The  network  could  be  restructured 
for  particular  problems  to  yield  an  increase  in  program  running  speed. 

Another  significant  advancement,  consisting  of  a  collection  of  autonomously  operating  modules,  was 
proposed  by  Clark10.  These  modules,  called  macromodules  were  to  be  designed  in  such  a  way  as  to  eliminate 
the  electronic  engineering  details  present  in  conventional  computers  and  thus  provide  a  means  of  organizing 
computing  systems  by  considering  only  the  functions  to  be  performed.  This  project  is  currently  in  the  develop- 
ment  stage. 

1.4  PROBLEMS  INTRODUCED  BY  ALLOWING  EXPLICIT  CONCURRENCY 

The  provision  for  explicit  asynchronous  control  of  concurrent  processes  has  introduced  problems  not  en¬ 
countered  >n  computing  systems  of  other  types.  Some  of  these  problem  have  been  discussed  in  the  literature 
and  genera. ly  deal  with  questions  of  how  to  use  this  type  of  system  most  effeervely. 

The  problem  of  scheduling  processes,  deciding  which  processe  are  handled  by  which  units  of  the  system 
and  at  v.hat  time,  is  considered  in  it,  1],  13,  14.  The  effects  on  the  specification  of  algorithms  is  investigated 
in  14,  lb,  16,  17  and  the  effect  on  program-language  compilers  in  IS,  19,  20.  Discussions  of  interrupt  handting( 
memory  usage,  and  other  problems  peculiar  to  certain  systems  may  be  found  in  21,  22,  23. 

This  icpon  concentrates  on  the  proolem  of  detecting  certain  types  of  errors  which  may  be  introduced  in 
implementing  concurrent  computing  systems.  These  will  be  called  implementation  errors.  A  general  approach 
applicable  to  a'large  class  of  computers  is  used,  and  examples  at:  presented  illustrating  the  method  as  utilized 
in  macromodular  constructions.  Implementation  errors  have  been  previously  discussed  in  24,  25,  26. 
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2.  A  MODEL  OF  THE  TYPE  OF  COMPUTING  SYSTEM  TO  BE  ANALYZED 


Pric'  .o  considering  implementation  errors,  it  is  necessary  to  present  a  model  of  the  computing  system  to 
be  analyzed.  The  model  may  be  used  to  represent  certain  computers  at  either  the  organizational  level  or  the 
program  level.  The  basic  elements  of  the  model  are  the  sigt .  ■ ,  the  process,  the  signal  path,  and  the  memory. 

2.1  SIGNALS,  PATHS,  PROCESSES,  AND  MEMORIES 

The  definitions  of  signal  process  are  of  a  recursive  nature  i.e.,  signals  are  responsible,  among  other 
things,  for  initiating  processes;  but,  processes  may  be  said  to  create  signals.  To  simplify  definitions,  the 
signals  are  classified  into  two  types:  data  signals  and  control  signals.  The  signal  path,  being  a  medium  for 
a  signal,  will  be  introduced  with  the  signals.  The  order  of  the  'subjects  in  the  following  discussion  will  be: 

1.  Data  signals  and  mentories 

2.  Processes  which  transform  data  signals 

3.  Control  signals 

4.  Procesees  in  general 

2.1 .1  OAT  A  Sift  4AI  .S  AND  MEMORIES 

A  data  signui  is  an  entity  which  conveys  information  by  assuming  one  of  a  number  of  possible  values. 
It  exists  in  a  medium  known  as  a  path.  The  value  of  the  data  signal  may  be  recorded  by  an  element  known  as 
a  memory.  After  the  value  of  a  data  signal  is  recorded  by  memory,  the  signal  ceases  to  exist.  The  memory 
element  has  the  property  that  it  subsequently  creates  data  signals  having  the  value  which  the  memory  last 
recorded.  Only  one  value  is  retained  at  any  one  time.  Signals  are  recreated  by  a  memory  whenever  they  are 
requested  by  a  process. 

The  signals  whose  values  may  be  recorded  by  a  memory  are  restricted  tc  certain  paths  associated  with 
the  memory.-  Similarly,  signals  may  be  created  only  on  paths  associated  with  the  memory.  A  memory  and 
asrociated  paths  ir,  represented  schematically  in  Figure  1.  The  memory  is  represented  by  a  rectangle  while 
the  paths  are  represented  by  arrows.  The  arrow  is  directed  info  a  memory  if  the  memory  records  the  value  of  a 
signal  on  the  path.  The  arrow  is  directed  from  the  memory  if  the  memory  creates  signals  on  that  path. 

For  the  particular  systems  which  will  be  modeled,  it  is  required  that  a  path  support  only  one  data  signal 
?t  any  instant  of  time.  For  contrast,  a  theoretic  model  not  having  this  restriction  is  described  by  Karp  and 
Miller27and  Reiter2**29- 

2.1.2  PROCESSES  WHICH  TRANSFORM  DATA  SIGNALS 

There  are  various  types  of  processes,  one  of  which  functions  to  transform  data  signals.  By  transform, 
it  is  meant  that  some  data  signals  may  be  created  whereas  others  are  destroyed.  When  destroying  a  signal, 
a  process  may  inspect  its  value,  which  may  have  an  effect  on  the  subsequent  action  of  the  process,  the 
process  may  create  data  signals,  the  value  of  which  depends  on  data  signals  previously  inspected.  Thus, 
the  '.itnsformation  spoken  of  is  really  a  mapping  from  the  set  of  all  possible  data  signals  into  itself. 

As  with  a  memory  e'ement,  a  particular  process  may  be  allowed  to  transform  only  a  certain  set  of  signals. 
This  set  is  determined  by  a  set  of  paths  associated  with  the  process.  The  paths  may  connect  to  memories  and 
are  represented  by  arrows,  which  are  the  same  as  those  arrows  d  icribed  for  memories  in  the  preceding  section. 
The  arrow  is  directed  into  a  process  if  the  process  requests  data  fiom  a  memory,  inspects,  and  destroys  the  data 
signal  on  that  path.  The  arrow  is  directed  outward  from  a  process  if  a  data  signal  may  be  created  on  that  path. 
It  should  be  mentioned  that  a  process  may  transform  data  only  intermittently.  When  a  process  is  trans- 
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forming  signals,  it  is  said  to  be  active.  Otherwise,  it  is  inactive  Processes  which  do  transform  continuously 
are  called  continuous  processes  while  those  which  do  not  are  called  discrete  processes.  The  processes  to  be 
considered  will  be  implicitly  discrete  unless  specified  otherwise. 

2.1.3  CONTROL  SIGNALS 

If  a  process  is  discrete,  i.e  ,  it  is  active  only  at  certain  times,  it  is  necessary  to  provide  a  means 
of  rendering  it  active,  or  initiating  it.  This  is  accomplished  by  another  type  of  signal,  the  control  signal. 
In  contrast  to  data  signals,  the  control  signal  simply  exists  or  it  does  not.  There  is  no  associated  value. 

The  control  signal,  unlike  the  data  signal,  may  initiate  a  process  spontaneously.  Once  it  has  done  so,  it 
is  destroyed.  When  a  control  signal  has  this  effect  on  a  process,  the  process  is  said  to  accept  the  signal. 
Also,  when  an  existing  process  has  completed  its  transformation,  it  ceases  to  be  active  and  cteates  a  control 
signal  indicating  its  completion.  This  signal  may  then  be  used  to  initiate  other  processes. 

As  with  data  signals,  only  certain  control  signals  are  associated  with  any  process.  These  exist  on 
particular  paths,  and  only  one  control  signal  may  exist  on  a  path  at  any  given  time.  The  paths  are  represented 
by  arrows  which  are  lighter  and  thinner  than  those  representing  data  paths.  The  arrow  is  directed  inward  if  a 
signal  on  the  path  initiates  the  process  and  outward  if  the  process  creates  a  signal  on  the  path,  as  in  Figure  2. 
The  data  paths  are  net  always  shownif  explicit  reference  is  made  to  memory  elements  inside  the  figure  represent¬ 
ing  the  process. 

2.1 .4  GENERAL  PROCESSES 

In  the  preceding  sections,  a  process  was  described  as  functioning  to  transform  data  upon  the  acceptance  of 
an  initiation  signal  and  to  return  a  completion  signal  at  the  end  of  the  transfo:mction.  Now  that  control  has 
been  defined,  a  more  general  definit;on  of  process  may  be  given. 

A  process  may  accept  control  signals  on  more  than  one  path  to  it  and  the  existence  of  signals  on  these 
paths  may  affect  the  process.  Also,  a  process  may  create  more  than  one  control  signal,  which  may  initiate 
ether  processes.  It  is  not  necessary  that  the  signal  which  initiates  'die  process  always  be  on  the  some  path. 
Control  signals  accepted  by  a  process  are  called  input  control  signals.  That  which  ini..,ites  the  process  is  the 
primary  input  control  signal,  while  others  are  known  as  secondary  input  control  signals.  Similaily,  a  single 
control  signal  is  created  which  indicates  that  the  process  no  longer  exists.  This  will  be  called  the  primary 
output  control  signal,  while  others  are  known  as  secondary  output  control  signals.  The  primary  output  control 
signal  is  not  generally  required  to  be  on  a  particular  path.  To  simplify  discussion,  if  there  is  more  than  one 
input  control,  iniliarion  signal  may  be  used  to  mean  primary  input  control  signal  and  if  there  are  multiple 
output  controls,  completion  signal  may  be  used  to  mean  primary  output  control  signal.  In  a  similar  manner, 
data  signals  wil!  be  described  as  input  or  output  with  respect  to  a  process,  depending  on  whether  they  are 
destroyed  or  created  by  that  process. 

2.1.5  SUMMARY  OF  ELEMENTS  IN  THE  MODEL  AND  AN  EXAMPLE 

A  summary  of  the  concepts  inuodu.id  in  sections  2.1.1  through  2.1.4  is  now  presented.  The  elements  of 
the  model  are. 

1.  Signals  -  are  accepted  and  created  by  processes  and  memories,  and  provide  for  intercommunication. 

A.  Data  signals  —  convey  values 

1.  Input  data  signals  —  are  requested,  inspected,  and  destroyed  by  processes  and  their 
values  are  recorded  by  menK.ics. 

2.  Output  data  signals  —  are  created  by  processes  or  memories. 
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FIGURE  2.  PROCESS  WITH  INITIATION  AND  COMPLETION  SIGNALS 
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B.  Control  signals  —  control  processes  and  have  only  a  single  value. 

1.  Control  input  signals  —  are  accepted  by  processes. 

a.  Primary  control  input  or  initiation  signals  —  cause  the  activation  of  a  nocess. 

b.  Secondary  control  input  signals  —  control  processes  but  do  not  initiate  them. 

2.  Control  output  signals  -  are  created  by  processes. 

a.  Frimary  control  output  or  completion  signals  -  indicate  that  a  process  is  m 
longer  active. 

b,  Secondary  control  output  signals  —  are  produced  by  a  process  prior  to  com¬ 
pletion. 

II.  Paths  —  are  media  in  which  signals  exist. 

A.  Control  paths  —  may  sustain  control  signals  only. 

B.  Data  paths  —  may  sustain  data  signals  only. 

III.  Processes  —  have  initiation  and  completion  signals  and  the  ability  to  accept  and  create 
control  and  data  signals. 

IV.  Memories  —  record  the  most  current  value  of  a  certain  set  of  data  signals  and  recreate  signals 
having  this  value. 

An  example  of  a  general  process  is  shown  in  Figure  3.  The  timing  diagram  indicates  the  presence  of 
signals  on  various  paths.  Those  which  are  due  to  the  process  are  indicated  by  solid  lines,  while  those  from 
some  external  source  are  indicated  by  dashed  lines.  In  this  example,  the  initiation  signal  will  always  be  on 
path  a  and  the  completion  signal  will  be  on  either  path  d  or  e,  by  asrumption.  A  secondary  control  input  may  be 
on  either  path  b  or  c,  out  not  both.  The  process  may  be  described  as  follows:  After  initiation  by  the  signal  on 
path  a ,  the  process  waits  foi  a  signal  on  b  or  c.  If  a  signal  occurs  on  b,  the  data  signals  A  and  B  are  compared. 

If  A  and  B  have  the  same  value,  this  value  is  given  to  a  signal  created  on  path  C  and  a  completion  signal  is 
created  on  d.  If  the  values  if  A  and  B  are  different,  a  signal  is  created  on  C  with  a  predetermined  value  and  a 
completion  signal  is  created  on  d.  If  a  control  signal  appears  on  c  instead  of  b.  the  date  signals  on  A  and  8 
are  destroyed  and  ignored.  The  predetermined  value  is  assigned  tc  a  signal  on  C  and  the  completion  reported  on  e. 

The  timing  diagram  in  Figure  3  shows  two  example  cases.  In  the  first,  an  input  appears  on  b  and  the 
signals  on  A  and  B  have  the  same  value,  thus  the  completion  is  reported  on  d.  In  the  second,  an  input  appears 
on  c,  thus  completion  is  reported  one. 

2.2  PROCESS  NETWORKS 

Networks  of  processes  will  now  be  discussed.  A  network  of  processes  is  a  set  of  processes  and  memories 
interconnected  by  data  and  control  signal  paths.  First,  asynchronous  and  synchronous  sequential  networks 
will  be  compared.  Sequential  means  that  only  one  process  is  active  at  any  one  time  and  thus,  the  processes 
occur  in  a  sequence,  one  after  another.  Following  the  discussion  of  sequential  processes,  concurrent  processes 
will  be  investigated  and  iheir  advantages  described.  In  concurrent  process  networks,  more  than  one  process 
may  be  active  at  any  time.  The  terms  synchronous  and  asynchronous  will  be  applied  to  concurrent  networks 
also,  which  leads  to  the  type  of  network  with  which  this  report  is  mainly  concerned,  asynchronous  concurrent 
process  networks. 


CONTROL  AND  DATA  PATHS 


-10- 


2  2.1  SEQUENTIAL  PROCESS  NETWORKS 

2  2.1.1  SYNCHRONOUS  AND  ASYNCHRONOUS  SEQUENTIAL  PROCESSES 

Sequential  processes  occur  one  after  another  in  some  prescribed  order.  Sequential  processes  may  be  of 
two  types:  synchronous  and  asynchronous.  Synchronous  processes  are  initiated  at  definite  instances  in  time 
by  control  signals  from  a  clock.  The  completion  signal  of  a  synchronously  controlled  process  is  of  no  conse¬ 
quence.  since  the  initiation  proceeds  strictly  by  the  clock,  regardless  of  whether  the  previous  process  is 
complete  cr  not  Consequently,  the  initiation  signals  produced  by  the  clock  must  be  spaced  far  enough  apart  to 
allow  the  preceding  process  to  be  completed.  If  the  period  of  activity  of  a  process  is  variable,  then  the  clock 
interval  must  be  at  least  as  large  as  the  maximum  period.  If  the  variation  in  t’..e  length  of  activity  of  a  process 
is  great,  and  the  length  tends  to  be  much  less  than  the  maximum  a  large  percentage  of  the  time,  them  there  is  a 
considerable  length  of  time  where  the  system  is  idle.  Asynchronous  sequencing  can  be  introduced  to  minimize 
this  idle  time. 

In  asynchronous  sequencing,  the  completion  signal  of  one  process  is  used  to  initiate  the  next  process. 
The  sequencing  continues  in  a  chain-like  manner,  and  there  is  no  idle  time  between  completion  of  one  process 
and  initiation  of  another. 

2.2.1. 2  CONCEPTS  ENCOUNTEREO  IN  SEQUENTIAL  ASYNCHRONOUS  NETWORKS 

Introduced  now  will  be  some  terms  which  describe  asynchronous  sequential  prccesses  and  networks. 
Any  process  may  consist  of  subprocesses  which,  themselves  are  processes.  The  subprocesses  communicate 
among  themselves  with  the  same  types  of  signals  and  also  accept  and  create  signals  outside  of  the  process. 
A  process  is  said  to  be  separable  if  its  only  control  paths  are  a  single  initiation  path  and  a  single  completion 
path.  Thus,  the  effect  of  a  separable  process  is  strictly  transformation  of  data.  A  separable  process  will  be 
represented  by  a  rectangle. 

A  null  process  is  a  separable  process  which  has  no  effect  on  data.  A  null  process  is  identical  to  a 
single  control  path.  An  asynchronous  sequential  network  may  simply  be  a  chain  of  separable  processes  which 
is  also  a  separable  prr  'ess  It  may  also  be  more  complex  if  decisions  and  merges  are  introduced  as  described 
below. 

2.2.1. 3  DECISION  AND  MERGE  PROCESSES 

In  networks  with  synchronous  control,  certain  values  of  data  may  cause  certain  processes  not  to  be 
initiated.  Selective  initiation  is  accomplished  in  asynchronous  networks  by  a  special  process,  the  decision. 

A  decision  is  defined  as  a  process  with  a  single  control  input  path  but  multiple  control  output  paths. 
An  output  control  signal  is  produced  or  only  one  of  these  paths.  The  path  selected  depends  on  data  input 
signals.  Thus,  the  decision  process  decides  on  which  path  the  completion  signal  v  ill  be  created.  A  decision 
with  n  output  paths  will  be  termed  an  n-way  decision. 

The  decision  is  usually  represented  on  a  conventional  flowchart  as  a  diamond  shape  with  a  specifica¬ 
tion  of  'he  way  in  which  a  choice  is  made  indicated  inside  the  diamond  and  on  the  control  output  paths,  The 
data  input  paths  are  usually  implicit.  In  analyses  where  the  data  is  not  of  concern,  a  decision  may  simply  be 
represented  as  a  circle  containing  the  letter  D.  See  Figure  4  for  both  of  these  representations  The  intro¬ 
duction  of  decisions  produces  control  signals  which  will  exist  on  only  one  of  a  number  of  possible  paths 
To  recombine  these  possibilities  into  a  signal  on  oniy  one  path,  the  merge  element  is  required 

A  process  is  sa'd  to  be  an  r.-*ay  merge  if  it  has  n  input  signal  paths  and  a  single  output  signal  path, 
and  has  the  property  of  creating  its  completion  signal  upon  acceptance  of  an  initiation  signal  on  any  control 
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FIGURE  4.  REPRESENTATION  OF  DECISIONS 
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FIGURE  5.  REPRESENTATION  OF  MERGES 
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input.  The  merge  is  represented  ty  a  circle  containing  an  M,  as  in  Figure  5.  Merging  is  shown  on  a  conventional 
flowchart  as  simply  the  junction  of  two  paths. 

2.2.2  AN  EXAMPLE  OF  ASYNCHRONOUS  SEQUENTIAL  CONTROL 

Figure  6  shows  a  separable  process  which  computes  n!  from  a  memory  element  which  has  recorded 
n(>l)  and  puts  the  result  into  a  second  memory  element.  In  Figure  7,  subprocesses  are  i>;iown  which  achieve 
the  result  using  elementary  processes  which  assign,  add,  and  multiply  the  values  of  data  signals  to  produce 
an  output  data  signal.  The  numeric  value  1  is  assumed  to  be  built  into  the  processes  'equiring  it.  Upon 
accepting  the  initiation  signal,  the  separable  process  p’oceeds  autonomously  until  the  computation  is  complete 
at  which  time  the  result  will  be  recorded  and  the  completion  signal  produced. 

2.2.3  CONCURRENT  PROCESS  NETWORKS 

Introduced  here  is  the  concept  of  concurrent  processes,  in  which  the  restriction  of  a  strict  sequence,  as 
in  sequential  process  networks  ii  removed.  The  synchronous  mode  applies  also  to  concurrent  processes.  In 
faci,  the  processes  at  the  logic  level  in  conventional  computers  are  synchronous  concurrent.  However,  the 
problem,  at  the  program  or  organizational  level  in  requiring  that  piocesses  oe  synchronous  is  the  same  as  for 
the  sequential  case;  namely,  that  there  is  generally  a  targe  amount  of  idle  time. 

In  considering  ways  in  which  processes  may  concur,  certain  restrictions  must  be  observed.  First,  there 
must  be  a  definite  ordering  between  certain  pairs  of  processes,  i.e.,  one  must  occur  before  the  othet.  Second, 
certain  sets  of  processes  may  not  occur  at  the  same  time  if  the  data  signals  of  one  process  are  required  for  use 
by  the  second  process.  This  is  due  to  the  required  use  of  the  input  signals  to  a  second  process.  Examples 
of  this  may  be  found  in  Figure  7,  the  n-factorial  example. 

The  ordering  between  two  processes  may  be  expressed  as  a  binary  relation,  <.  If  A  and  B  are  two 
processes,  then  A  <  B  means  A  must  precccd  B.  A  relation  of  this  sort  is  known  as  a  predecent  relation.30 

If  neither  A  <  B  nor  B  <  A,  then  A  and  B  may  concur,  which  will  be  written  AaB. 

Two  processes  that  wil,  be  used  specifically  for  *he  control  of  concurrent  processes  are  now  introduced. 
These  are  the  branch  and  the  rendezvous.  Suppose  there  are  three  separable  processes  T,  U,  and  V  which  must 
occur  with  *he  following  restrictions:  T  <  V  and  U  <  V.  T  and  U  may  be  allowed  to  concur,  but  both  must 

precede  V.  To  do  this,  a  process  known  as  an  n-wey  branch  is  introduced.  It  involves  control  signals  only, 

with  one  control  input  and  n  control  outputs.  When  the  initiate  n  signal  is  accepted,  output  control  signals  are 
created  on  all  r.  of  the  output  control  paths.  Using  a  *wo-way  branch  v.ith  connections  from  the  output  control 
paths  to  the  input  control  paths  of  T  and  U.  en  initiation  signi1  applied  at  the  input  of  the  bianch  causes  the 
concurrent  activation  of  both  T  and  U. 

It  is  required  that  both  T  and  U  be  complete  before  initiating  V  and  for  this  puipose  the  rendezvous 
process  is  introduced.  A  process  is  an  n-way  rendezvous  if  it  has  n  control  inputs,  a  single  control  output, 
and  no  data  paths.  An  initiation  signal  may  occur  on  any  one  of  the  input  paths,  but  no  completion  signal  is 
given  until  all  signals  have  been  accepted  on  all  input  paths.  By  connecting  the  completion  paths  of  T  and  U 
to  a  2-way  rendezvous,  the  rendezvous  does  not  report  completion  until  both  T  and  U  are  complete. 

A  schematic  of  this  entire  network  is  presented  in  Figure  8.  The  branch  and  rendezvous  are  represented 
by  circles  with  the  letters  B  and  R,  respectively,  fhe  examples  demonstrated  so  far  have  been  simple.  Even 
with  only  four  elements;  branch,  decision,  rendezvous,  and  merge,  together  with  separable  processes,  the 
networks  which  may  be  constructed  can  be  quite  complex.  This  will  be  supported  in  Chapter  Four,  where  it  is 
shown  that  errors  may  be  inadvertently  introduced  when  implementing  these  concurrent  process  networks,  and 
automatic  means  of  detecting  them  are  investigated. 
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FIGURE  6 


SEPARABLE  PROCESS  WHICH  COMPUTES  n-FACTORIAL 


2-WAY  BRANCH 


FIGURE  8.  CONCURRENT  ASYNCHRONOUS  CONTROL  OF  PROCESSES 
T,  U,  AND  V  WITH  THE  PRECEDENCE  RELATION  T<  V,  U  <  V 
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2.3  APPLICATION  TO  COMPUTING  SYSTEMS 

It  has  been  stated  that  the  model  presented  applies  to  computers  at  both  the  organizational  level  and  the 
program  level.  The  validity  of  this  statement  will  now  be  'lemon stiated. 

2.3.1  APPLICATIC’  AT  THE  ORGANIZATIONAL  LEVEL 

The  terms  branch,  rendezvous,  and  merge  are  from  the  description  of  macromodular  systems  by  Clark., 
et  al.,,,1J,J*  The  model  was  strongly  influenced  in  other  ways  by  macromodular  systems,  since  th~se  systems 
present  what  is  probably  the  first  major  steps  i..  separating  the  functions  of  processes  at  the  organizational 
level  from  the  engineering  details  of  these  processes. 

A  macromodular  syo'em  has  electronic  units  known  as  macmmodules.  These  correspond  to  the  processes 
in  the  model.  There  are  also  data  cables  and  control  cables  corresponding  to  the  sigral  paths  of  the  model. 

Control  and  data  signals  are  electrical  signals  on  the  cables. 

A  few  specific  types  of  macromodules  will  now  be  mentioned.  The  memory  modules  are  of  two  forms: 
registers,  constructed  of  flip-flops,  and  core  memory.  Associated  with  registers  are  several  function  units 
which  perform  logical,  arithmetic,  and  shift  operations.  There  are  also  gates  which  transfer  data  between 
registers.  All  of  these  processes  are  separable. 

Affecting  control  are  branch,  rendezvous,  and  merge  units,  the  function  of  which  is  identical  to  the 
corresponding  two-way  units  of  the  model.  The  decision  process  appears  in  two  forms:  a  detec'^r  which 
compares  signals  from  two  registers  under  a  mask  signal  from  a  third  register  and  creates  a  control  signal  on 
one  of  two  control  output  paths,  depending  on  whether  or  not  the  comparands  are  equal  under  the  mask;  and  a 
decoder,  which  decodes  three  bits  of  data  signal  to  select  one  of  eight  possible  control  output  paths. 

Since  the  control  cables  for  any  process  may  be  wired  into  only  one  sequence,  call  urcts  are  provided. 
Call  units  effectively  allow  a  process  to  bt  used  as  a  subprocess  within  several  different  processes. 

2.3.2  APPLICATION  AT  THE  PROGRAM  LEVEL 

Several  techniques  have  been  proposed  for  the  inclusion  of  explicit  concurrent  control  into  procedure 
oriented  program  languages. This  area  is  usually  found  in  the  available  literature  classified  by  terms  such 
as  parallel  programming,  multiprocessing,  and  multiprogramming.  The  control  oi  processes  asynchronously  at 
this  level  is  accomplished  in  various  ways,  the  discussion  of  which  is  not  pertinent  here.  The  general  scheme 
may  be  described  as  two  or  more  processing  ur  ’ts  executing  instructions  simultaneously  and  communicating  via 
a  common  core  memory.  Examples  of  exiting  and  proposed  machines  for  this  purpose  may  be  found  in  42<4J>44 

The  languages  utilized  are  similar  to  Fortran  or  Algol,  with  the  addition  of  several  statements  which 
serve  to  sp  .cify  concurrency.  The  control  signals  in  the  model  correspond  to  the  sequencing  of  instructions 
in  these  languages  and  the  flow  of  data  corresponds  to  assigning  values  to  variables.  One  type  of  instruction 
introduced  is  analogous  to  the  branch.  This  is  the  FORK  instruction,  by  which  a  label  is  given  instructing 
the  computer  to  begin  a  concurrent  sequence  at  that  statement  with  the  label.  The  statement  corresponding  to 
the  rendezvous  is  written  as  JOIN,  indicating  that  the  control  of  the  sequence  containing  the  join  statements 
referencing  a  particular  label  will  meet  at  a  statement  with  that  label.  The  corresponding  machine  language 
instructions  to  accomplish  this  have  also  been  described  in  the  referenced  literature.  A  less  flexible  method, 
which  is  equivalent  to  requiring  that  all  concurrent  process  existing  at  once  be  controlled  by  the  same  branch- 
rendezvous  pair,  has  been  suggested  using  the  statements  DO  TOGETHFR,  AND  and  P ARALl.FL  FOR. 
This  specifies  that  certain  sequences  are  to  be  executed  concurrently,  e.g.,  the  DO-group  of  Fortran  or  the 
block  in  Algol.  The  reason  these  schemes  are  less  flexible  is  there  can  be  no  transfer  out  of  the  sequences 
or  among  them. 
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A  third  and  more  flexible  way  has  also  been  proposed  and  has  been  included  in  the  definition  of  a 
language  which  is  currently  being  implemented.4'  This  technique  may  be  described  as  using  certain  special 
data  signals  which  may  be  called  flag  or  semaphore  quantities,  or  events.  Briefly,  flag  quantities  may  be 
tested  for  a  particular  value  and  depending  on  that  value,  the  completion  of  the  testing  process  may  be  reported 
or  it  may  be  delayed  until  the  flag  does  assume  *hat  particular  value.  This,  coupled  with  the  ability  to 
terminate  control  (i.e.,  destroy  it  without  creating  any  other  control  signals),  may  be  used  to  function  as  the 
rendezvous  or  in  several  other  ways  which  are  generally  unachi 'vable  with  only  the  branch,  rendezvous,  decision, 
and  merge  elements. 
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3.  GRAPH  THEORETIC  CONCEPTS 

In  discussing  networks  of  processes,  it  is  desirable  to  have  a  concise  language  ovailable  for  describing 
them.  Since  an  automatic  analysis  of  networks  is  sought,  it  is  °lso  desirable  to  have  a  convenient  way  of 
representing  such  networks  to  a  computer.  The  branch  rf  mathematics  known  as  g'aph-theory  is  well-suited  to 
this  purpose. 

Thorough  discussions  on  the  theoretic  aspects  with  some  applications  are  given  in  Berge4  ,  Ore44,  and 
Harary,  et  al.47.  Applications  of  graph  theory  to  processes  in  digital  computers  may  be  found  in  ^4•J4«4*-5,■ 

3.1  DEFINITIONS 

The  definition  of  a  graph,  as  presented  here,  is  similar  to  Harary’s  definition  of  a  net.  A  graph,  P,  is 
a  system  (N,  A,  f,  g)  where 

N  is  a  finite  set  of  elements  called  nodes 
A  is  a  finite  set  of  elements  called  arcs 
f  is  a  mapping  of  A  into  Nv|  <f>  I 
g  is  a  mapping  of  A  into  Nv(<£  | 

<f>  is  a  special  element  distinct  from  any  element  of  N. 

A  graph  may  be  schematically  represented  by  a  diagram  as  shown  in  F'gure  9  which  immediately  suggests  its 
usefulness  in  describing  the  interconnection  of  processes.  The  arrows  represent  the  arcs  and  the  circles 
represen*  the  nodes.  The  functions  f  and  g  are  defined  as  follows: 

Let  c  be  an  arc,  n  be  a  node.  Then 

f(c)  -  n  if  and  only  if  the  head  of  c  connects  to  n. 
c  is  then  said  to  be  an  input  arc  with  respect  to  n. 

g(c)  -  n  if  and  only  if  the  tail  of  c  connects  to  n. 
c  is  then  said  to  be  an  output  arc  with  respect  to  n. 

If  either  f(c)  -  r  or  g(c)  -  n,  then  c  is  said  to  be 
incident  with  n. 

The  functions  f  and  g  for  the  graph  in  Figure  9  are  defined  below  the  graph. 

If  n  anu  m  are  two  nodes  and  c  is  an  arc  such  that  n  -  g(c)  and  m  -  f(c),  then  n  is  said  to  connect  to  m 
while  m  is  said  to  connect  from  n.  In  either  case,  n  and  m  are  said  to  be  connected.  The  arc,  c,  may  be 
represented  by  an  ordered  pair  of  nodes  (m,n). 

The  out-degree  of  a  node,  n,  is  the  number  of  arcs,  c,  for  which  f(c)  -  n.  The  in-degree  of  a  n  is  the 
number  of  arcs,  d,  for  which  g(d)  -  n. 

If  b  »nd  c  are  nodes,  there  is  said  to  exist  a  semipath  between  b  and  c  if  one  of  the  following  holds: 

I.  b  and  c  are  connected 

or  2.  b  is  connected  with  a  node  d  and  there  is  a 
semipath  between  d  and  c. 

If  b  Uiid  c  are  nodes,  then  thee  is  said  to  exist  a  path  from  b  ro  c  if  one  of  «he  following  holds: 

1 .  b  connects  to  c 

or  2.  b  is  connected  to  a  node  d  and  there  is  a 
path  from  d  to  c. 

In  this  case  c  is  said  to  be  reachable  from  b,  or  b  reaches  c. 

Path  should  not  be  confused  with  signal  path  from  Chapter  2. 
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A  =  (a,  b,  c,  d,  e,  f,  g,  h,  i) 

g(b)  =  g(c)  =  g(d)  =  1 

g(f)  =  g(i)  =  2 

g(g)  =  3 

g(e)  =  g(h)  =  4 

g(a)  =  0,  THE  SPECIAL  ELEMENT 

f(a)  -  1 

f(b)  =  f(i)  =  2 

f(d)  =  f(e)  =  3 

f ( c )  =  f(f)  =  4 

f (g)  =  f(n)  -•  0 


FIGURE  3. 


EXAMPLE  OF  A  GRAPH 


r 
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A  graph  is  said  to  be  weakly  connected  if  between  any  two  nodes  there  exists  a  semipath.  The  graph  of 
Figure  9  is  weakly  nnected  Similarly,  a  graph  is  said  to  be  strongly  connected  if  between  any  two  nodes 
there  exists  a  path  Thus,  a  strongly  connected  graph  is  weakly  connected  but  the  converse  does  .tot  necessarily 
held.  In  cases  where  the  converse  does  not  hold,  the  graph  is  said  to  be  strictly  weakly  connected . 

A  subgraph  of  a  graph  P  -  (N,  A,  f,  g)  is  a  graph,  y  -  (N ',  A ',  f ',  g3,  where  N'is  a  subset  of  N  and  A' 
is  the  set  of  arcs  incident  with  the  nodes  N'.  Thus  f'  and  g '  are  restrictions  of  the  mapping  f  to  A"  where 
c  t  A"  if  ar.d  only  if  f(c)  <  N '  and  g  to  A'"  where  dr  A'"  if  and  only  if  g(d)  <  N 

An  arc  of  a  subgraph  is  said  to  be  input  with  respect  to  that  subgraph  if  it  is  input  to  some  node  in  that 
subgraph  but  is  not  output  to  any  node  in  that  subgraph.  An  arc  of  a  subgraph  is  said  to  output  with  respect  to 
that  subgraph  if  it  output  to  some  node  in  that  subgraph  but  is  not  input  to  any  node  in  the  subgraph. 

A  subgraph  is  defined  io  be  separable  if  it  has  only  one  input  arc  and  one  output  arc. 

A  subgraph  is  said  to  be  minimal  of  a  property  L  if  the  removal  of  any  connected  node  results  in  a  subgraph 
which  does  not  have  property  L.  A  subgraph  is  said  to  be  maximal  of  a  property  L  .if  the  addition  of  anveonnected 
node  results  in  a  subgiaph  which  does  not  have  property  L.  Thus  a  maximal  strongly  connected  subgraph  is  one 
in  which  the  property  of  strong-connectedness  is  lost  when  any  node  connected  to  the  subgraph  is  added. 

A  node  is  said  to  be  self-connected  if  it  connects  to  itself. 

A  set  of  arcs  (a  aya  )  are  said  to  be  parallel  if  f(a_)  «  f(aj  -  f(a  )  and  g(a.)  -  g(a,)  -  g(a  ). 

lift  12  n  v  1  2  "  n 

Examples  arc  shown  in  Figures  10  through  13. 

3.2  MATRIC  REPRESENTATION 

Matric  notation  has  been  shown  to  be  a  convenient  representation  for  graphs,  especially  if  the  matrices 
are  to  be  manipulated  by  computer. 

The  mappings  f  and  g  may  be  represented  by  allowing  each  ccl  i  of  a  matrix  to  correspond  to  a  node  and 
and  each  row  to  an  arc,  and  letting  the  (i,j)th  entry  assume  the  val  e  1  if  the  arc  corresponding  to  row  i 
maps  into  the  node  which  corresponds  to  column  j.  Denote  by  F  and  G  the  matrices  for  the  mappings  f  and  g. 

F  and  G  will  be  respectively  called  the  input  and  output  matrices.  The  matrices  F  and  G  for  f  and  g  of 
Figure  9  ue  shown  in  Figure  14. 

Other  useful  matrices  may  be  derived  from  the  input  and  output  matrices.  The  first,  known  as  the 
arc-node  matrix,  A,  can  be  used  to  represent  both  F  and  G  provided  that  theie  is  no  arc  which  is  self-connected. 

By  definition  A  »  F  —  G.  If  no  nodes  are  self  connected,  there  will  l*e  no  entries  in  F  and  G  which  are  both  J, 
but  if  there  are  nodes  which  are  self  connected,  there  will  be  such  entries.  Identical  entries  result  in  the 
corresponding  entry  of  A  being  0  which  is  indistinguishable  from  no  connections  at  all  to  that  particular  node. 

If  such  entries  do  not  occur,  F  and  G  can  be  obtained  from  A.  Figure  15  shows  the  arc-node  matrix  for  the 
graph  in  Figure  9.  Notice  the  (i,2)  entry. 

An  interesting  algorithm  is  presented  by  Wann24  using  the  arc-node  matrix,  A,  in  testing  a  subgraph  for 
separability.  It  may  be  stated  as  follows:  A  subgraph  consisting  of  a  particular  set  of  nodes  is  ceparable  if 
and  only  if  the  sum  of  the  corresponding  columns  of  the  arc-node  matrix  contains  a  single  +1  and  a  single  -1 
entry. 

Two  other  mau.ces  which  may  a.ro  be  computed  from  F  and  G  are  as  follows: 

The  node-node  or  connection  matrix,  C  «*  GF  (where  t  indicates  transpose  of) 
defined  by  C  -  the  number  of  arcs  input  t<">  node  j  and  output  from  node  i. 

The  arc-arc  matrix,  D  -  F^G,  defined  by  D(  1  if  arc  i  is  input  to  a  node 
from  which  arc  j  is  output,  and  0  otherwise. 


FIGURE  10.  A  STRONGLY 
CONNECTED  GRAPH 


FIGURE  1 1 .  A  SEPARABLE 
SUBGRAPH  OF  THE  GRAPH 
IN  FIGURE  10 


FIGURE  13.  A 
MINIMAL  STRONGLY 
CONNECTED  SUBGRAPH 
OF  THE  GRAPH  OF 
FIGURE  12 


FIGURE  12.  THE  MAXIMAL 
STRONGLY  CONNECTED  SUBGRAPH 
OF  THE  GRAPH  OF  FIGURE  11 
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Figure  14.  Input  and  output  matrices  for  the  graph  of  Figure  9. 
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Anoihei  matrix,  the  reachability  matrix,  R  is  defined  as  R  >  1  if  there  is  a  oath  from  node  1  to  node  j, 
and  0  otherwise.  The  reachability  matrix  may  be  computed  from  the  connection  matrix  as  follows: 

C1,  the  first  power  of  C,  gives,  for  any  two  nodes,  the  number  of  paths  i'  >m  one  to 
the  other  of  length  1.  (The  length  of  a  path  between  twc  nodes  being  the  number  of 
arcs  traversed  in  tracing  from  one  node  to  the  other.)  It  can  be  shown  that  Cn,  the 
nth  power  of  C,  gives  for  any  two  nodes,  the  number  of  paths  from  one  to  the  other 
of  length  n.  Define  a  function,  W,  as  W(x) «  0  otherwise.  Thcr.  (W(C")i  -  1  if 
there  is  any  path  from  i  to  j  of  length  n,  and  0  otherwise. 

Thi'sW(C)  V  W(C  ),  where  V  is  the  Boolean  sum,  gives  all  paths  of  length  1  or  2. 

n  j 

Similarly,  V  }  W(C  )  gives  paths  of  length  i,  or  2,  or  .  .,  or  n.  For  any  finite 

graph,  all  paths  which  are  greater  than  a  certain  length,  say  p,  necessarily 

include  a  loop,  tnus  the  Boolean  sum  ,  WfC1)  will  be  identical  to  ?  W(C') 

for  any  nip.  The  point  here  being  that  to  determine  the  reachability  matrix, 
only  a  finite  number  of  matrices  need  be  summed. 

An  equivalent  method  for  computing  the  reachability  matrix,  which  is  computationally  more  efficient,  is  given 
in  40  Other  useful  algorithms,  such  as  one  for  the  determination  of  strongly-connected  subgraphs  from  the 
reachability  matrix,  are  given  by  Ramamoorthy.  The  connection  matrix  for  the  graph  of  Figure  9,  and  the 
construction  of  the  reachability  matrix  are  exhibited  in  Figure  16. 

In  succeeding  sections,  process  networks  will  be  represented  by  graphs,  and  graph-theoretic  terminology 
will  be  employed  in  their  descriptions.  The  analysis  will  be  concerned  mainly  w.th  control.  CV  <equently, 
data  paths  will  net  be  shown.  The  nodes  of  graphs  will  represent  non-ser  arable  processe?, particularly  branches, 
merges,  decisions,  and  rendezvous.  The  arcs  will  represent  control  signal  paths.  Arcs  will  also  be  used  to 
represent  separable  processes,  since  a  separable  process  has  only  one  input  and  one  output  control  path.  The 
terms  graph  and  network  will  be  used  interchangeably.  The  description  of  an  arc  as  being  active  means  that  a 
signal  exists  on  the  corresponding  control  path. 
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Figure  16.  The  connection  and  reachability  matrices  for  the  graph 


of  Figure  9. 
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4.  ERRORS  IN  NETWORKS  OF  CONCURRENT 
PROCESSES  WITH  ASYNCHRONOUS  C3NTRQL  ^ 

4.1  GFNERAL  TYPES  OF  ERRORS 

Process  networks  which  are  employed  in  the  solutions  of  computational  problems  are  generally  separable. 
The  solution  begins  with  the  introduction  of  an  initiation  signal  to  the  separable  procsss.  The  data,  initially 
in  memory  elements,  is  inspected  by  the  process  and  data  produced  indicating  the  results.  At  the  completion 
of  the  solution  steps,  a  single  completion  signal  is  produced. 

Several  types  of  errors  may  occur  in  such  a  separable  process  network.  The  genera!  characteristic  of  an 
error  is  that  the  desire^  result  is  not  produced 

Errors  may  be  classified  into  the  vays  in  which  they  .‘~t  produced: 

1.  A  process  physically  malfunctions 

2.  The  solution  steps  of  an  algorithm  are  incorrectly  specified 

3.  Concurrent  control  is  incorrectly  specified 

The  first  of  these  is  of  no  concern  here.  'r“ne  second  will  be  called  an  algorithm  error,  but  detection  of  this 
P'pe  of  error  will  not  be  considered  because  of  its  general  infeasibility.  The  third  will  be  called  an  implemen¬ 
tation  error  because  it  is  introduced  by  implementation  of  an  algorithm  as  a  concurrent  process  network. 

The  following  properties  are  postulated  as  being  desirable  for  separable  processes ,  the  lack  of  them 
being  an  error: 

1.  Finite  duration  -  After  initiation,  a  separable  process 
must  complete  within  a  finite  period  of  time. 

2.  Non-regeneration  —  Once  initiated,  a  separable  process 
will  create  only  one  output  control  signal. 

3.  Delerminacy  -  A  separable  process,  for  any  activatior, 
will  always  produce  the  same  output  data  if  the  input 
data  is  the  sa,?e. 

Sequential  networks  are  always  non-i. generative  and  determinate,  but  may  not  be  of  unite  duration  if  the 
control  of  iteration  is  specified  incc.; jetiy.  In  networks  of  concurrent  processes,  ali  of  these  puperties  may  be 
lacking  due  tc  improper  specification  of  concurrent  control.  As  a  clarifying  pcint,  it  might  be  mentioned  that 
such  errors  are  dynamic.  For  some  data,  the  network  may  function  normally  while  for  other  data  it  may  malfunction 
in  different  ways.  A  network  will  be  said  to  have  certain  typee  of  errors  if  it  is  possible  for  'he  network  to 
malfunction  in  certain  ways.  The  means  by  which  each  of  these  etrors  are  introdv-  tc  nto  ne. works  is  now 
investigated. 

4.1.1  INFINITE  DURATION 

The  name  given  to  the  error  in  process  networks  which  do  not  complete  in  a  finite  length  of  time 
is  mlir.ite  duration.  It  was  mentioned  that  infinite  duration  may  be  due  t.  u.i  error  in  an  algorithm  for  graphs 
such  as  in  Figure  ?7.  It  is  ic-emphasized  that  strongly  connected  subgrapns,  as  ir.  ^i*  re  18,  do  not  necessarily 
imply  an  error,  bat  that  data  must  be  conudei-d  before  determining  if  the  network  is  in  error.  Again  it  is 
mentioned  that  such  algo.ithm  errors  are  infeanolc  to  detect. 

Infinite  duration  caused  by  intro  uction  of  concurrent  control  is  generally  the  result  of  processes  internal 
to  the  ne:v,ork  wh  ch  are  not  able  to  report  completion  This  is  the  case  in  a  network  in  which  only  one  input 
to  a  re  dezvous  eve-'  becomes  active,  as  in  Figure  19 
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FIGURE  19.  NETWORKS  HAVING  INFINITE  DURATION  BECAUSE  OF 
INCORRECT  USE  OF  CONCURRENT -CONTROL  ELEMENTS 


FIGURE  20.  REGENERATION  CAUSED  BY  A  BRANCH  WITHIN  A 
STRONGLY  CONNECTED  SUEGRAPH 
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4.1.2  REGENERATION 

Networks  which  arc  regenerative  may  produce  multiple  output  control  signals  after  being  initiated  only 
once.  Thr.  may  be  caused  in  two  ways.  The  first  is  by  allowing  a  branch  to  produce  an  output  from  a  strongly 
connected  subgraph.  This  is  show.i  in  Figure  20.  It  should  be  mentioned  that  not  every  strongly  connected 
subgraph  with  a  branch  implies  an  error. 

Regeneration  is  also  produced  by  what  will  be  called  a  hazard,  due  to  its  similanty  to  the  hazard  in 
switching  networks  (cf.  McCluskey.6 ')  The  hazard  is  found  by  consideration  of  the  merge  process.  Suppose 
there  is  a  2-wav  merge  with  input  arcs,  a  and  b,  and  output  arc  c.  The  arc  t  is  the  output  arc  of  a  separable 
process,  P,  as  shown  .n  Figure  21.  Suppose  it  is  possible  that  a  and  b  may  have  signals  sirm  ’ianeously. 
Because  of  this  possibility,  one  of  two  phenomena  may  occur  (1)  If  a  and  b  have  signals  which  overlap  in 
time,  the  merge  receives  two  initiation  signals  and  the  result  is  unpredictable,  since,  by  definition,  a  merge  is 
initiated  by  a  signal  on  only  one  of  its  input  arcs.  (2)  If  a  and  b  do  not  overlap,  the  process  P  may  report 
completion  twice 

In  summary,  the  possibility  of  more  than  one  input  signal  to  a  merge  may  cause  either  of  these  problems, 
and  will  be  identified  as  a  hazard.  The  hazard  is  also  responsible  for  producing  indeterminacy,  as  will  be 
seen  in  the  following  section. 

4.1.3  INDETERMINACY 

A  network  is  said  to  be  indeterminate  if  different  output  data  are  produced  in  two  or  more  different  activa¬ 
tions  of  the  network  for  the  same  input  data.  Three  ways  in  which  a  network  may  be  indeterminate  are  (1)  by 
the  failure  to  observe  constraints  on  processes,  (2)  by  the  process  reporting  completion  with  some  residual 
control  signals  stil!  present  within  the  network,  and  (3)  by  the  failure  to  observe  precedence  requirements  in 
designing  the  control. 

Failure  to  observe  constraints  on  processes  occurs  when,  as  in  the  previous  discussion  of  hazards,  a 
process  is  initiated  twice.  Similarly,  two  consecutive  signals  io  the  same  input  of  a  rendezvous  is  a  violation 
of  the  constraints  for  this  process. 

It  is  possible  for  a  process  to  report  completion  only  once  but,  for  some  control  to  remain  active  within 
the  network.  This  occurs  when  a  rendezvous  has  accepted  a  single  control  input  and  the  network  containing 
the  rendezvous  has  reported  completion.  When  the  separable  process  is  activated  a  second  time,  a  control 
signal  to  the  other  input  will  cause  the  rendezvous  to  report  completion.  Thus,  even  though  the  data  may  be 
the  same,  the  results  could  be  different  for  two  successive  activations.  Networks  which  may  report  completion 
while  rendezvous  remain  active  are  said  to  possess  residual  control,  Lixamples  of  residual  control  arc  shown 
in  Figure  22. 

Failure  to  observe  precedence  relations,  as  mentioned  in  section  2.2.3,  may  cause  erroneous  output  data, 
even  though  the  errors  in  control  previously  liscussed  are  not  piesent.  Since  no  assumptions  are  made  about 
relative  times  of  processes  in  asynchronous  control  networks,  a  possible  vt  iatior.  in  time  of  processes  which 
are  active  concurrently  may  cause  varying  results  for  identical  data.  For  example,  consider  two  processes, 

A  and  B,  where  A  <  B  is  a  requirement.  If  the  network  is  implemented  as  in  Figure  23,  where  C  and  D  represent 
other  processes  unrelated  to  A  oi  B,  an  assumption  that  C  will  last  longer  than  A  may  not  be  supported,  and  the 
output  data  from  A  which  is  required  for  input  to  B  may  not  have  been  set  when  B  requires  it.  Thus,  B  may 
reference  the  data  which  was  previously  in  memory  e  nenls,  and  erroneous  results  produced. 

The  error  exemplified  'n  the  preceding  paragraph  may  be  detected  by  observing  the  possibility  of  A  and  B 
concurring  whereas  it  is  required  that  A  precede  B.  A  correct  implementation  appears  in  Figure  24.  An  error 
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FIGURE  24.  CORRECTION  OF  THE  ERROR  IN  FIGURE  23 
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of  this  kind  will  be.  called  a  race  because  the  time  duration  of  the  processes  affect  the  results.  The  insertion 
of  processes  to  eliminate  races  is  called  interlocking.  This  example  has  presented  a  very  simple  case  of 
interlocking.  More  complex  interlock  schemes  may  be  devised  to  allow  more  freedom  and  still  meet  precedence 
requirements.  These  are  discussed  by  Littlefield. 

4.1.4  SUMMARY  OF  IMPLEMENTATION  ERRORS 

1.  Infinite  duration  —  The  process  does  not  complete  within  a  finite  time  after 
initiation.  Infinite  duration  is  produced  by  the  impossibility  of  completion 
of  an  active  rendezvous. 

2.  Regeneration  -  The  process  produces  multiple  output  control  signals  after 
a  single  initiation.  Regeneration  is  caused  by: 

a)  Certain  strongly  connected  networks  with  branches  connecting  to 
output  arcs 

b)  Hazards 

3.  Indeterminacy  —  The  process  produces  erratic  results.  Indeterminacy  is 
produced  by: 

a)  Hazards 

b)  Residual  control 

c)  Races 

In  considering  detection  of  errors  in  networks,  it  is  helpful  to  regroup  the  sources  of  errors  into  those 
categories  which  are  similar.  The  regrouping  is  shown  below  with  short  names  provided  for  simplicity  of 
discussion. 

1.  Incomplete  rendezvous  —  the  only  source  of  infinite  duration,  and  the  source 
of  residual  control  producing  indeterminacy 

2.  Reentered  branch  -  the  branch  in  certain  strongly  connected  subgraphs  which 
produces  regeneration 

3.  Hazard  -  the  source  of  some  regeneration  and  indeterminate  cases 

4.  Races  —  the  source  of  indeterminacy  by  violation  of  precedence  requirements 

For  comparison,  additional  examples  of  error  and  error-free  cases  are  shown  in  Figures  25  and  26.  It 
should  be  noted  that  these  errors  display  thr  imeompiete  rendezvous,  reentered  branch,  and  hazard  only.  The 
race  may  appear  in  any  network  with  concurrent  processes.  It  should  also  be  noted  that  no  assumption  is  made 
about  the  dependency  of  various  decision  elements  upon  data. 

4.2  DETECTION  OF  IMPLEMENTATION  ERRORS 

One  method  for  detecting  errors  is  to  construct  the  network  and  perform  a  number  of  trial  activations. 
Construct  implies  connecting  the  electronic  units  and  making  the  necessary  connections  if  the  organizational 
level  is  being  considered.  Depending  upon  the  flexibility  of  components,  this  task  may  be  quite  time  consuming. 
At  the  program  level,  construct  means  writing  the  program  and  putting  it  into  form  for  input  to  the  computer 
system.  The  trial  implementation  has  the  advantage  that  algorithm  errors  as  well  as  implementation  enors 
may  be  checked.  It  has  the  following  disadvantages: 

1.  Construction  of  the  network  is  usually  a  lengthy  task  at  the  organizational 
level. 

2.  It  is  difficult,  if  not  impossible,  to  devise  trial  data  which  tests  the 
network  with  sufficient  thoroughness. 
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3.  Errors  due  to  races  may  not  occur  at  a!!  during  a  test  but  may  occur  during 
some  subsequent  use  of  the  network. 

4,  The  amount  of  time  required  to  perform  a  sufi  .tent  number  of  tests  may  be 
prohibitive. 

Some  c  omment  may  be  made  as  to  what  a  sufficient  number  of  tests  implies.  Regardless  of  bow  many 
trial  activations  are  performed  with  consistent  results,  there  is  always  a  possibility  of  a  race.  Thus,  a 
sufficient  number  implies  that  races  are  not  being  considered. 

The  term  combination  is  used  to  indicate  a  particular  set  of  arcs  on  which  control  signals  appear  during 
the  activation  of  a  separable  network.  It  may  be  observed  that,  in  an  error-free  network,  there  may  be  several 
unique  combinations,  the  number  of  which  depends  upon  the  number  of  decisions  and  their  degree.  The  maximum 
number  of  combinations  is  it  ^  where  d!  is  the  out-degree  of  the  ith  decision  and  n  is  the  number  of  decisions. 
For  instance,  a  graph  is  shown  in  Figure  27  with  two  2-way  decisions.  Four  combinations  are  shown  in  the 
accompanying  diagrams.  Figure  28  depicts  a  graph  with  two  decisions  and  less  than  the  maximum  number  of 
combinations.  A  lower  bound  on  the  number  of  combinations  for  a  given  number  of  decisions  depends  on  the 
manner  in  which  the  nodes  are  connected.  The  configuration  yielding  the  fewest  combinations  is  the  tree- 
structure,  as  shown  in  Figure  29.  The  number  of  combinations  for  such  a  tree  is  a  complex  function  of  the 
number  of  decisions  and  their  out-degrees,  cf.  Iverson.43  For  a  graph  composed  of  n  2-way  decisions,  the 
bounds  are  n+ 1  and  2". 

Another  point  that  might  be  mentioned  concerning  combinations  is  that  in  graphs  with  strongly  connected 
subgraphs,  a  fixed  result  for  each  decision  does  not  always  produce  an  output  control,  but  if  an  alternate  is 
provided  for  the  second  encounter  of  a  decision,  it  may  be  possible  to  produce  an  output  control.  In  this  case, 
combinations  are  indicated  rts  in  Figure  30,  where  the  number  at  the  output  arcs  of  the  decision  indicate  *he 
order  in  which  the  outputs  are  used.  A  second  example  of  this  is  shown  in  Figure  31. 

The  point  demonstrated  by  the  above  is  that  for  networks  of  considerable  complexity,  the  number  of 
combinations  may  be  very  large.  A  practical  example  is  the  control  network  for  a  floating-point  arithmetic  unit*4 
as  shown  in  Figure  32. 

In  view  of  the  disadvantage  of  trial  implementation  of  networks,  a  method  is  desired  which  will  test  a 
network  and  which  eliminates  these  disadvantages.  A  method  which  is  suitable  for  implementation  on  a  computer 
is  also  desirable.  Four  areas  of  approach  have  been  investigated  in  this  research. 

1.  Simulation 

a.  Trial  data  test 

b.  Monte  Carlo  test 

c.  Exhaustive  test 

2.  Topological  analysis 

3.  Symbolic  analysis  using  algebraic  expressions 

4.  State  transitions 

These  methods  are  described  in  the  following  sections. 

4.2.1  SIMULATION 

It  is  possible  to  simulate  concurrent  process  networks  on  sequential  digital  computers  ami  detect  certain 
errors.  The  simulation  of  sequential  processes  is  simple  to  accomplish  since  all  that  need  be  done  is  to 
implement  a  program  to  perform  the  desired  data  operations.  The  flow  of  control  is  the  same  as  the  execution 
of  program  steps.  While  decisions  and  merges  are  found  in  conventional  programs  for  sequential  computers, 


FIGURE  27.  A  GRAPH  DISPLAYING  THE  MAXIMUM  NUMBER  OF 
COMBINATIONS  FOR  TWO  DECISIONS 


\> 


r  1 

\  ' 


FIGURE  28.  A  GRAPH  WITH  TWO  DECISIONS  AND  LESS  THAN 
THE  MAXIMUM  NUMBER  OF  COMBINATIONS 
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FIGURE  30.  INDICATION  OF  COMBINATIONS  FOR  A  STRONGLY 
CONNECTED  GRAPH 


FIGURE  31.  COMBINATIONS  FOR  A  GRAPH  WITH  A  STRONGLY 
CONNECTED  SUBGRAPH 


HGURE  32.  CONTROL  FOR  A  FLOATING-POINT 
ARITHMETIC  UNIT  (CONTINUED  ON  FOLLOWING 
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the  branch  and  rendezvous  are  not.  To  simulate  branch  and  rendezvous,  certain  records  must  be  kept,  n  bits 
are  associated  with  each  n-way  branch  or  rendezvous.  Each  bit  corresponds  to  a  particular  output  arc  for  a 
branch  or  input  arc  for  a  rendezvous.  All  bits  are  initially  zero.  When  a  branch  unit  is  encountered  during 
simulation,  one  arc  is  selected  on  which  simulated  control  is  to  proceed.  The  bus  corresponding  to  the  other 
arcs  of  the  branch  are  set  to  1.  When  a  particular  input  to  a  rendezvous  is  encountered,  the  bit  conesponding 
to  thru  input  is  set  to  1.  Next,  all  of  the  other  bits  of  the  same  rendezvous  are  compared.  If  all  are  1,  then 
all  inputs  to  the  rendezvous  have  been  accepted  and  the  bits  are  reset  to  zero,  the  control  proceeding  to  the 
output  of  the  rendezvous,  if  ail  bits  ate  not  1,  then  control  cannot  proceed  to  the  output.  Instead,  the  bits  of 
branches  are  checked  until  one  is  found  which  is  a  1,  indicating  that  control  may  proceed  on  the  corresponding 
arc.  The  bit  is  then  reset  to  a  0. 

When  a  simulated  signal  is  present  on  the  input  to  a  merge,  the  control  simpij  proceeds  to  the  output. 
Similarly,  after  the  output  arc  is  selected  by  a  decision,  control  proceeds  to  that  arc. 

Error  checking  in  simulation  will  now  be  described.  Some  races  may  be  detected  by  varying  the  order  in 
which  output  arcs  are  chosen  at  a  branch,  but  a  test  of  all  of  these  ways  for  every  combination  is  infeasible. 

All  hazards  are  not  checked,  because  this  too  would  require  stepping  the  control  through  the  network  in 
every  possible  way  for  each  combiiiaiion.  Reentered  branches  may  be  found  by  examining  the  bits  corresponding 
to  the  branch  or  rendezvous  when  encountered  by  control  and  this  may  indicate  a  hazard  or  regeneration 
Hazards  cannot  be  located  by  checking  for  reentered  merges  or  decisions  because  this  reentry  is  perfectly 
legitimate,  as  in  strongly  connected  subgraphs.  Thus,  some  hazards  will  escape  detection. 

Two  types  of  errors  may  be  checked  when  simulated  control  proceeds  to  the  output  arc  of  the  graph  in 
question.  At  this  time,  all  branch  bits  may  be  checked,  and  if  any  are  1,  active  control  arcs  are  implied.  This 
could  ultimately  produce  regeneration  or  other  errors  The  existence  of  incomplete  rendezvous  is  determined 
by  examining  the  bits  of  each  rendezvous  for  the  value  1. 

Three  methods  were  investigated  in  the  a>  of  simulation:  the  trial  data  test,  the  Monte  Carlo  test,  and 
and  the  exhaustive  test.  The  distinction  between  these  is  presented  in  sections  4. 2. 1.1  through  4. 2. 2. 3. 

4.2. t.1  SIMULATION  WITH  TRIAL  DATA 

This  method  attempts  to  provide  data  which  would  be  typical  for  usage  by  the  physical  network  for  problem 
solution.  The  method  has  the  advantage  that  it  also  provides  checking  for  errors  in  algorithms,  but  it  is 
generally  unlikely  that  all  possible  combinations  will  be  tested,  especially  with  a  large  number  of  decisions 
in  the  graph. 

4. 2.1. 2  MONTE  CARLO  SIMULATION 

Application  of  this  technique,  suggested  by  Ellis,45  simulates  ;ontrol  only.  A  random  number  is  generated 
each  time  a  decision  is  encountered  to  determine  which  output  au  is  to  be  followed  in  the  simulation.  The 
Monte  Carlo  technique  has  the  disadvantage  that  there  is  always  a  finite  probability  that  some  combination 
will  not  be  tested.  Also,  not  all  combinations  are  equally  likely  to  be  tested. 

4. 2.1. 3  EXHAUSTIVE  SIMULATION 

The  exhaustive  technique  also  simulates  control  only.  A'l  combinations  of  a  network  are  tested,  This  is 
done  by  keeping  a  record  in  the  simulation  of  the  output  arc  selected  for  each  decision,  and  simulating  control 
for  each  possible  combination  of  decisions.  Exhaustive  simulation  generally  results  in  more  simulations  than 
necessary,  since  the  number  of  distinct  combination'  is  usually  Eomewhat  less  than  the  upper  bound,  i  e  the 
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product  of  the  out-degree  of  all  decision  nodes.  However,  since  it  is  not  possible  to  tell  a  priori  whether  a 
combination  has  been  tested,  the  exhaustive  test  necessarily  simulates  the  upper  bound  of  combinations 

Examples  of  the  exhaustive  test  are  presented  in  Figures  33  through  35.  Two-way  elements  are  assumed 
Branches  and  rendezvous  each  have  two  bits  associated  with  them,  as  previously  explained.  Three  bits  are 
associated  with  the  decision.  Two  of  these  bits  indicate  on  which  arc  the  decision  is  to  produce  a  control 
output.  The  other  bit  is  0  if  control  has  not  previously  entered  the  decision,  and  1  otherwise.  The  purpose  of 
this  bit  is  to  provide  a  means  for  control  to  leave  a  strongly  connected  subgraph,  rather  than  proceed  in  a  loop 
indefinitely.  Figure  33  is  an  error-free  case  and  Figure  34  is  not.  Figure  35  g>ves  a  case  with  a  hazard  which 
is  not  detected  by  exhaustive  testing. 

4.2.2  TOPOLOGICAL  ANALYSIS 

Some  errors  may  be  detected  by  a  topological  analysis  of  the  network.  Topological  analysis  involves 
examining  the  interconnection  of  nodes  in  the  network.  Certain  rules  have  been  found  which  govern  proper 
network  construction,  but  no  techniques  using  topology  alone  have  been  able  to  locate  all  errors.  Several  of 
these  rules  may  be  stated  here,  These  will  bo  justified  in  the  appendix. 

1.  Parallel  arcs  from  a  branch  to  t  merge  are  in  error. 

2.  Parallel  arcs  from  a  decision  to  a  rendezvous  are  in  error. 

3.  Separable  graphs  composed  entirely  of  decisions  and  merges  are  error  free. 

4.  Strongly  connected  graphs  composed  entirely  of  branches  and  rendezvous  are 
in  error. 

The  main  problem  with  topological  analysis  is  that,  generally,  no  inspection  of  subgraphs  of  any  given 
number  of  nodes  always  yields  a  definite  conclusion  as  to  errors.  Some  topological  reductions  aid  in  simplifying 
the  problem,  however.  An  example  of  such  a  reduction  is  the  technique  explained  in  Chapter  3  for  determining 
separable  subgraphs. 

4.2.3  SYMBOLIC  ANALYSIS  USING  ALGEBRAIC  EXPRESSIONS 

The  following  method,  which  wns  derived  from  suggestions  by  Stucki,*6  indicates  some  errors.  The 
method  is  heuristic  and  is  suggested  by  observing  that  the  outputs  of  the  *jndezvous  and  merge  are  functions  of 
their  inputs  in  a  manner  which  is  similar  to  the  Boolean  functions  of  gates  at  the  logic  level.  Specifically,  the 
merge  is  an  exclusive-or  in  the  sense  that  it  produces  an  output  if  either  but  not  both  inputs  are  present. 
Likewise,  the  rendezvous  is  an  and  ;n  the  sense  that  both  inputs  are  required  to  produce  an  output.  Expressions 
are  synthesized,  for  each  arc,  which  indicate  the  possibility  of  a  control  appearing  on  that  arc  as  a  function  of 
the  results  of  decisions. 

Assume,  for  simplicity  in  illustration,  that  a  graph  is  constructed  only  of  two-way  nodes.  Two  sets  of 
symbols,  a,,  a2,  aj,  ....  and  x,,  x2,  Xj,  ...  are  used.  The  a’s  repre sen;  expre ssions  on  arcs,  x,  and  7, 

represent  the  two  possible  completion  arcs  of  the  if/i  dec  sion. 

Expressions  are  formed  for  the  output  of  arcs  given  their  input  arc  expression  by  the  following  rules 
1.  !l"  ak  is  the  input  to  the  i th  decision,  the  outpufcare  labelled  akx, 

(ak  followed  by  x.)  and  akx,  (ak  followed  by  "not”  r,). 

...  If  ak  is  the  input  to  a  branch,  the  outputs  are  both  labeled  3k 
3.  If  a(  and  at  are  inputs  to  a  rendezvous,  then  one  of  the  following 
is  applied. 

a)  If  and  ak  are  identical,  then  the  output  arc  is  labeled  a^. 
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BEGIN  TEST  OE  FIRST  COMBINATION 


NO  ERRORS 

BEGIN  TEST  OF  SECOND  COMBINATION 


NO  ERRORS 


FIGURE  33.  EXHAUSTIVE  TEST  OF  AN  ERROR-FREE  NETWORK 

*  -  INDICATES  DEC T SION  ENTERED 


-46- 


D  a 


e  R 


8  /  9 


ACTIVE  BRANCH 
ARC  I 

u  I  r 


-  4  5  9  10 


REND.  DECISION 


i  ...  « 


-K’-h 


--  a 

2  3  * 


BEGIN  TEST  OF  FIRS1  COMBINATION 


1  0  0  0  0  0  0 

3  0  0  0  0  0  0 

4  0  1  0  0  0  0 

6  0  1  0  0  1  0 

5  0  0  0  0  1  0 

7  0  0  0  0  1  1 

8  0  0  0  0  0  0 

10  0010  00 

END  TEST  OF  FIRST  COMBINATION 

ERROR  -  ARC  9  ACTIVE 


BEGIN  TEST  OF  SECOND  COMBINATION 


0  1  0 
0  1  0 
0  1  0 
0  1  0 
0  1  0 
0  1  0 
0  1  0 
0  1  0 


1 

0  0 

0  0 

0  0 

1  0  0 

2 

0  0 

0  0 

0  0 

1  0  0 

6 

0  ojo  0 

0  0 

1  0  0 

END  TEST  OF  SECOND  COMBINATION 


ERROR  -  NON  COMPLETION 


FIGURE  34.  EXHAUSTIVE  TEoT  OF  A  NETWORK  WITH  ERRORS 
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NO  ERRORS 


FIGURE  35.  EXHAUSTIVE  TEST  OF  A  NETWORK  WITH  UNDETECTABLE  ERRORS 


★ 


INDICATES  DECISION  ENTERED 


-48- 


b)  If  Bj  end  ak  are  known  to  be  mutually  exclusive,  then  an  incomplete 
render  jus  is  indicated. 

c)  If  it  is  not  known  at  the  time  whether  a(  and  ak  are  identical  or 
exclusive,  then  the  output  is  labeled  a^*  ak  ( a|  and  ak). 

4,  If  a(  and  ak  are  inputs  to  a  merge  then  one  of  the  following  is  applied. 

a)  If  a!  and  ak  are  mutually  exclusive  then  a  combination  is  made 
according  to  the  usual  rule  for  Boolean  expressionsfa.x,  +  ajX  ,  =  a( 

where  +  means  exclusive  or). 

b)  If  a.  and  ak  are  known  not  to  be  mutually  exclusive,  ?.  hazard  is 
indicated. 

c)  If  it  is  not  known  at  the  time  whether  a.  and  a.  are  exclusive,  the 

t  * 

output  is  labeled  a(  «-  ak  (a(  or  ak). 

Figures  36  ar.d  37  indicate  the  steps  involved  in  performing  symbolic  analysis  The  input  arc  to  the  separable 
graph  is  labeled  ao.  Whenever  all  inputs  to  an  node  are  labeled,  the  output  arcs  may  be  labeled.  This  is 
continued  until  it  is  impossiale  to  proceed  further  due  to  an  error,  or  until  the  output  of  the  graph  is  labeled. 
This  label  specifies  which  decision  combinations  produce  the  output  control  signal. 

In  strongly  connected  graphs,  there  are  one  or  more  stages  at  which  the  labeling  is  not  complete,  but  can 
proceed  no  further  because  no  nodes  remain  with  all  inputs  labeled.  At  this  stage,  a  decision  or  branch  is 
selected,  and  its  input  is  assigned  a  unique  label  a..  The  labeling  then  continues,  new  labels  being  assigned 
as  needed.  Because  of  the  introduction  of  these  labels,  there  will  be  instances  in  which  the  input  of  a  branch 
or  decision  would  be  labeled,  but  has  already  been  assigned  a  !abel  ak.  Let  L  represent  the  label  which  would 
be  assigned  if  the  arc  were  not  previously  labeled  ak.  One  of  the  following  is  then  applied. 

1.  If  L  is  the  input  to  a  branch,  then. 

a)  If  L  is  in  terms  of  ak,  a  reentered  branch  error  is  indicated; 

b)  If  L  is  not  in  terms  ol  ak,  all  occurrence  of  ak  in  ail  expressions 
are  replaced  by  L  . 

2.  If  L  is  the  input  to  a  decision,  then: 

a)  If  L  is  in  terms  of  a^,  an  iteration  is  indicated.  The  situation  is 
similar  to  a  recursive  definition,  ak  =r  L  where  L  akx,  +  a |,  i.  e ., 

ak  =  a|  or  ak  followed  by  x,.  All  occurrences  of  ak  are  then  replaced 
by  a |  ft  *  meaning  a.  followed  by  any  number  of  xt. 

b)  If  L  is  not  in  terms  of  ak,  all  occurrences  of  ak  in  all  expressions 
are  replaced  by  L. 

The  analysis  continues  until  an  error  is  encountered,  making  continuation  impossible,  or  until  arcs  are  in 
verms  of  ao  and  x’r-  only.  In  the  latter  case,  the  network  is  not  necessarily  error-free,  but  any  eirors  picsent 
remain  undetected.  Figures  38  and  39  show  examples  with  strongly  connected  graphs. 

The  symbolic  analysis  technique  has  the  disadvantage  that  it  is  cumbersome  to  implement  on  a  computer, 
in  addition  to  not  being  able  to  detect  all  errors.  It  does  have  the  advantage  of  providing  an  expression,  indicating 
the  condition  for  the  existence  of  a  signal  on  any  arc  as  a  function  of  the  outcomes  of  decisions, 

It  is  not  implied  that  no  symbolic  analysis  is  useful  or  is  able  to  detect  all  errors.  Possibly  some  more 
tho'ough  technique  may  be  found.  The  symbolic  analysis  presented  here  is  representative  of  several  which 
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were  investigated  in  this  study.  A  problem  which  is  likely  to  be  common  to  many  symbolic  approaches  is  the 
difficulty  ir.  computer  implemep’ation. 

4.2.4  THE  STATE  TRANSITION  METHOD 

The  final  technique  to  be  presented  will  be  called  the  state  transition  method,  due  to  a  similarity  to  the 
representation  of  a  sequential  switching  network  as  a  graph  displaying  transitions  between  states.* 1  It  is 
suitable  for  digital  computer  implementation  and  can  detect  all  of  the  implementation  errors  discussed,  including 
some  'aces.  It  also  appears  tc  be  extendable  to  other  types  of  control  processes,  such  as  the  flag  described  in 
2.3.*.,  ~he  state  of  a  network  will  be  defined,  followed  by  an  explanation  of  error  indication  by  the  consideration 
of  possible  states,  and  possib’e  transitions  between  them. 

A  label  is  assigned  to  each  arc  of  the  graph  in  consideiation.  A  slate  of  the  network  is  a  list  of  those 
arcs  which  nay  be  active  at  a  particular  instant  of  time,  e.g.,  a,  b,  c,  where  a,  b,  and  c  are  arcs.  A  transition 
between  states  is  the  change  of  a  network  from  one  state  to  another.  If  the  states  of  a  network  are  represented 
as  nodes  of  a  second  graph,  the  possible  transitions  may  be  represented  as  the  rrcs  of  this  graph,  which  will 
be  called  the  state  transition  graph  of  the  network.  Figure  40  indicates  the  state  transition  graphs  for  some 
simple  error-free  nef-v.ks. 

The  initial  state  is  defined  to  be  that  state  of  a  separable  network  consisting  of  only  the  input  arc  of  the 
network.  The  final  state  is  that  state  consisting  of  only  the  output  arc.  A  srt  of  arcs,  a,,  aJt  ....  an,  is  said 
to  be  a  partial  state  of  a  state.  B  =  h,.  b}.  ....  bm,  if  and  only  if  a,  <  B  for  i »  1,  2,  ....  n. 

The  partial  states  of  a  state  are  used  in  determination  of  possible  state  transitions  by  considering  each 
node  having  the  arcs  of  a  state  's  input  arcs.  For  example,  if  a  is  a  partial  state  of  a,  e,,  e2,  «r1(  .....  and 

a  is  the  input  to  a  branch  with  outputs  b  and  c,  the  transition  from  a,  e,.  »2(  e3,  .....  to  a  state  b,c,e |,e2,ej,  ..... 
may  occur.  The  possible  transition  for  the  branch  is  indicated  in  Figure  41.  A  graph  such  as  the  one  in 
Figure  41  will  be  called  a  partial  state  transition  graph.  The  partial  state  transition  graphs  foi  the  decision, 

merge,  and  rendezvous  are  shown  in  Figure  42.  Note  that  the  decision  has  two  possible  transitions.  Note  also 
that  the  transition  graph  for  the  merge  has  an  isolated  node  representing  the  state  a,b.  If  this  state  is  possible, 
then  a  hazard  is  indicated.  States  or  partial  states  which  are  identifiable  as  errors  will  be  called  error  states. 

Error  states  which  indicate  other  types  of  errors  are  now  explained.  A  state  in  which  the  output  arc 
appears  with  other  arcs  is  an  eror,  because  it  indicates  th  s.  completion  signal  is  produced  while  some  arc 
may  still  be  active  within  the  network.  If  the  output  arc  is  removed  from  this  state  and  the  construction  of  the 
transition  graph  continued,  then  regeneration  is  indicat'd  if  the  output  arc  eventually  appears  again  in  a  state. 
Otherwise,  residual  control  is  indicated.  If  there  are  states,  other  than  the  final  state,  from  which  no  transition 
may  occur,  infinite  Juration  is  indicated  in  these  stales.  An  attempt  to  form  a  transition  to  a  state  having  two 
arcs  which  are  the  same  is  an  indication  ot  a  hazard. 

Since  the  transition  graph  indicates  which  arcs  may  be  active  simultaneously,  consideration  of  the  dale 
in  the  separable  processes  represented  by  these  arcs  will  indicate  any  races,  if  it  is  known  exactly  which 
memory  elements  will  be  used,  and  which  will  be  altered.  Figures  43  and  44  exemplify  some  networks  with 
errors.  The  error-state  nodes  are  indicated  bv  dashed  liner.. 

The  following  algorithm  presents  the  steps  in  constructing  the  state  transition  graph.  The  network 
graph  is  assumed,  with  initial  and  final  states  known.  The  state  graph  initially  contains  a  single  r.ode  for 
the  initial  stale. 


« 
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FIGURE  41.  PARTIAL  STATE  TRANSITION  GRAPH  FOR  A  BRANCH 


#  * 


FIGURF  42.  PARTIAL  STATE  TRANSITION  GRAPHS  FOR  DECISIONS  * 
MERGES,  AND  RENDEZVOUS 


IGURf  43.  STATE  TRANSITION  GRAPHS  FOR 


ERROR  CASES 
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1.  If  all  nodes  have  been  considered  for  transitions,  the  state  graph  is 
complete.  Stop, 

2.  Select  a  state  for  which  all  transitions  have  not  been  considered. 

Call  this  state  s. 

3.  Select  an  arc  in  s,  and  call  this  arc  c.  Remove  all  arcs  from  s 
which  ate  input  to  the  same  node  to  which  c  is  input.  Call  these 
arcs  p,  a  partial  state. 

4.  Compere  the  arcs  of  p  to  the  partial  state  diagram  for  possible 
transitions  or  error  states. 

5  If  posable  transitions  exist,  check  to  see  if  the  next  state  fotmed 
is  already  in  the  state  graph.  If  it  is,  connect  the  next  state  to 
state  s  by  an  arc.  If  it  is  not,  add  the  new  state  to  the  graph  and 
connect  it  to  s  by  an  arc. 

6.  Repeat  steps  3  through  5  until  all  distinct  nodes  connected  to 
arcs  of  s  have  been  considered.  Then  go  to  step  1. 

Step  4  of  the  algorithm  may  be  elaborated  by  specifying  the  procedure  for  each  of  the  four  types  of  nodes 
considered.  If  other  types  of  processes  are  involved,  appropriate  procedures  for  then,  must  be  formulated  using 
the  state  transition  graphs.  1'he  procedures  for  branch,  rendezvous,  decision,  ar.d  merge  are  now  given: 

1.  Branch  —  If  the  input  arc  of  a  branch  is  a  partial  state  of  v,  a 
possible  transition  is  to  a  state  with  the  input  arc  replaced  by 
the  output  arcs  of  the  branch,  and  all  other  arcs  in  p  unchanged 

2.  Rendezvous  —  If  all  of  the  input  arcs  of  a  rendezvous  form  a 
partial  state  of  p,  a  possible  transition  is  to  a  state  with  these 
arcs  replaced  by  the  output  arc  of  the  rendezvous,  and  all  other 
arcs  in  p  unchanged. 

If  some,  but  not  all,  of  the  input  arcs  of  a  rendezvous  form 
a  partial  state  of  p,  and  there  are  no  other  possible  transitions,  an 
incomplete  rendezvous  error  is  indicated. 

3.  Decision  —  If  the  input  arc  of  a  decision  is  a  partial  state  of  p, 
possible  transitions  are  to  states  with  the  input  arc  of  the  decision 
replaced  by  a  single  output  arc  of  the  decision. 

4.  Merge  —  If,  at  most,  one  of  the  input  arcs  of  a  merge  is  in  any  partial 
state  of  p,  a  possible  transition  is  to  a  state  consisting  of  p  with  *he 
input  arc  to  the  merge  replaced  by  the  output  arc.  If  more  than  one 
input  arr  to  a  merge  is  a  partial  state,  a  hazard  is  indiepted. 

For  any  element,  if  a  transition  is  made  in  such  a  way  that  the  new  state  has  the  same  arc  twice,  an 
error  is  indicated. 

4.?  S  A  SUMMARY  OF  THE  TECHNIQUES  OF  THIS  STUDY 

Table  1  compares  the  techniques  presented  as  to  their  thoroughness  in  detection  of  various  errors.  It 
appears  at  this  time,  that  the  state  transition  method  is  the  most  complete  and  also  is  re!’  nvely  simple  to 
implement.  Some  topological  reduction  techniques,  as  described  in  the  appendix,  can  be  used  to  enhance  the 
power  of  this,  or  any  other  method. 
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T able  1.  A  comparison  of  the  error  detection  methods  investigated 


Method 


Errors  Detected 

Comments 

Incomplete 

Reentered  Hazards  Races 

Rendezvc  s 

Branches 

1  Simulation 
a)  Trial  Data 

bl  Monte  Certo 

c)  Exhaustive 

2.  Topological 

3.  Symbo.ir 

4.  State  transition 


S 

S 

A 

? 

S 

A 


s  s  s 

S  S  N 
A  S  N 
S  S  N 
S  S  N 
A  A  S 


Also  checks  for  some 
algorithm  errors 

Not  all  combinations  are 
tested  with  equal  likelihood 

Testing  time  may  be 
prohibitive 

Can  be  applied  during 
reduction  of  graph 

Cumbersome  to  implement 
by  computer  p.ogram 

Simple  to  implement, 
t  it  udable  to  other  types 
of  processes  than  decisions, 
merges,  branches,  and 
rendezvous 


A-  All  errors  of  this  type  detected 
S  --  Some  errors  of  this  type  detected 
N  —  No  errors  of  this  type  detected 
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5.  SUMMARY  AND  CONCLUSION 


A  model  suitable  for  reoresentation  of  particular  types  of  computing  systems  has  been  presented  and 
techniques  for  introducing  concurrent  asynchronous  control  into  the  model  discussed. 

Graph  theoretic  terminology  was  introduced,  and  its  applicability  to  description  of  the  model  demonstrated. 

Several  matric  representations  for  graphs  .'ere  presented  as  a  possible  means  for  representing  the  model 
in  a  computer  for  which  automatic  analysis  techniques  may  be  implemented. 

The  possible  introduction  of  errors  into  computing  systems  by  improper  implementation  of  concurrent 
asynchronous  control  networks  was  illustrated,  and  various  types  uf  errors  were  classified.  Several  methods  for 
detection  of  implementation  errors  were  investigated  and  compared. 

It  is  concluded  that  state-transition  method,  in  combination  with  topological  reductions,  is  the  most 
satisfactory  method  of  those  investigated  due  to  several  advantages:  It  detects  all  implementation  ertors  in  the 
type  of  networks  considered,  it  is  extendable  io  other  types  ot  processes,  and  it  may  be  implemented  by  a 
digital  computer  program. 


« 
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APPENDIX  7.1 


REDUCTION  TECHNIQUES  AND  SOME  THEOREMS  CONCERNING  TOPOLOGY 

As  mentioned  in  section  4.2.?,  sor  topological  reductions  ma’  be  applied  to  reduce  the  complexity  of  the 
error  analysis  problem,  In  the  course  ~>f  these  reductions,  some  simple  tests  may  be  made  to  determine  if  the 
network  contains  errors.  These  reductions  and  tests  will  be  presented,  and  derived  by  consideration  of  partial 
state  transition  diagrams,  it  should  be  noted  that  the  reductions  remove  some  arcs  and  hence,  if  races  are  to  be 
checked  for,  this  should  be  done  before  applying  any  reductions.  The  following  paragraphs  do  not  apply  to  detection 
of  races 

The  input  boundary  states  of  a  graph  not  necessarily  separable  are  those  states  containing  only  input  arcs  to 
the  graph.  A  similar  definition  applies  for  output  boundary  states.  In  considering  the  state  transition  graph  for  a 
network,  each  input  boundary  state  ultimately  reaches,  in  the  graph-theoretic  nomenclature,  either  an  output  state  or 
an  error  state.  Two  graphs  are  said  to  be  A-equivalent  if  they  ha*  the  same  reachability  relations  among  their 
respective  error  and  boundary  states.  The  state  graphs  of  two  A-e  valent  networks  are  shown  in  Figure  7.7.1. 
Postulate-  If  P  is  a  graph  and  Q  a  subgraph  of  P,  P  may  be  analyzed  I  r  errors  by  replacing  Q  with  any  A-equivalent 
subgraph. 

7  eorem  1  -  All  weakly  connected  graphs  composed  of  only  one  type  branch,  decision,  merge,  or  rendezvous  of 
1  ay  elements  are  A-equivalent  to  a  single  element  of  the  same  degree  as  the  fanner  graph. 

The  proof  is  given  for  merges.  The  others  follow  analogously.  The  method  of  mathematical  induction  is 
employed.  Assume  that  the  theorem  holds  for  a  graph  of  2-way  merge  nodes  of  degree  n,l .  This  network  is  shown 
with  its  transition  graph  in  Figure  7.1.2.  Since  the  2-way  merge  network  is  assumed  equivalent  to  an  n-way  merge, 
its  state  graph  is  that  of  the  n-way  merge.  A  2-way  merge  is  then  added,  producing  a  network  of  degree  n  +  1,  1. 
The  transition  graph  for  this  augmented  network  is  shown  in  Figure  7.1.3.  Figure  7.1.4  displays  a  3eccnd  state 
graph  with  the  same  reachability  among  boundary  and  error  states  as  that  in  Figure  7.1.3.  The  second  graph  i s 
■  dentical  to  a  state  transition  graph  for  a  merge  node  of  degree  n  +  l,  l. 

For  the  case  n  =  2,  the  theorem  holds  trivially  since  a  network  of  degree  2,1  is  identical  to  a  single  2-way 
merge.  The  truth  of  the  theorem  has  been  shown  for  a  single  2-wcy  merge  element  and  the  assumption  of  truth  for 
a  network  of  degree  n,l  has  been  shown  to  imply  its  truth  for  a  network  of  degree  n  +  1,  l.  Thus,  by  induction,  the 
theorem  is  true  fir  all  merge  networks  of  degree  n,l  where  n  >  2. 

Theorem  2  -  Any  two  weakly  connected  graphs  composed  of  one  type  of  node  decision,  merge,  branch,  or  rendezvous 
and  of  the  same  degree  are  A-equivalent. 

Proof  -  Any  such  graphs  are  A-equivalent  to  a  graph  of  2-way  nodes  and  f  the  same  degree.  Therefore,  they  are 
equivalent  to  each  other. 

Theorem  3  -  Any  separable  graph  which  is  error-free  is  A-equivalent  to  a  null  process. 

Proof  -  A  separable  error-free  graph  has  no  error  state.  There  is  a  single  input  boundary  state  which  reaches  a 
single  output  boundary  state.  This  is  equivalent  to  the  graph  of  a  null  process. 

Theorem  4  -  A  separable  graph,  the  input  arc  of  which  is  connected  to  a  rendezvous,  is  in  error. 

The  proof  follows  from  the  fact  that  the  initial  state  can  make  no  transitions. 

Theorem  5  -  Any  parallel  crcs  from  a  subgraph  composed  of  decisions  to  a  subgraph  composed  of  merges,  or  from  a 
subgraph  composed  of  branches  to  a  subgraph  composed  of  rendezvous,  may  be  replaced  wi:h  a  single  arc  with 
A-equivalence  being  preserved. 
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h  ARE  BOUNDARY  STATES 
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FIGURE  7.1.1  TWO  A-EQUI VALENT  STATE  GRAPHS  AND  THEIR 
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(a^)  (a2)  (a3)  (an)  (an+i)  ^ai*aj) 


FIGURE  7.1.3  [HE  RESULT  OF  CONNECTING  A  2-WAY  MERGE  TO 
THE  NETWORK  OF  FIGURE  7.1.2 
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Proof  -  The  two  graphs  are  equivalent  to  graphs  composed  of  only  2-way  elements.  Th?  2-way  elements  may  be 
grouped  in  such  a  way  that  the  arcs  between  these  elements  are  parallel.  Parallel  arcs  betw  ten  a  2-way  decision 
and  a  2-way  merge,  or  between  a  2-way  branch  and  a  2-way  rendezvous,  are  known  to  constitute  separable  error-free 
graphs.  These  arcs  may  be  replaced  by  a  null  p>ocess,  i.e  ,  a  single  arc. 

Theorem  6  -  Any  parallel  arcs  from  a  subgraph  composed  of  derisions  to  a  subgraph  composed  of  rendezvous,  or 
from  a  subgiaph  composed  of  branches  to  a  subgraph  composed  of  merges,  indicate  an  error. 

Theorem  7  -  A  strongly  connected  graph  consisting  only  of  branches  and  rendezvous  is  in  error. 

Proof  -  The  graph  may  be  divided  into  maximal  subgraphs  consisting  of  .her  all  branches  or  rendezvous. 

All  input  arcs  to  the  graph  must  be  input  arcs  to  rendezvous,  since  if  the  arcs  are  inputs  to  br  nches.the  graph 
is  not  strongly  connected.  At  least  one  input  arc  to  each  of  these  rendezvous  must  not  be  an  input  arc  of  the 
subgraph,  for  if  it  were,  the  subgraph  would  not  be  strongly  connected.  It  is  never  possible  for  any  of  these 
rendezvous  to  report  completion,  since  every  one  requires  control  from  inside  the  graph,  but  this  control  cannot 
be  present,  without  at  least  one  rendezvous  reporting  completion.  Therefore,  the  subgraph  is  in  error. 

Use  of  these  theorems  will  new  be  illustrated  in  the  reduction  of  the  floating-point  arithmetic  unit  of  Figure 
32.  A  suggested  procedure  for  application  of  the  theorems  follows,  although  r.o  attempt  is  made  to  show  that 
it  is  optimal: 

1.  Form  all  maximal  subgraphs  of  a  single  type  of  elements. 

2.  Check  for  any  parallel  arcs  among  these  subgraphs,  if  some  arcs  are 
parallel  and  indicate  errors,  then  the  procedure  is  stopped.  If  crcs  are 
parallel  and  may  be  replaced  by  a  single  arc,  then  replace  them.  If  no 
arcs  are  parallel,  then  go  to  step  3,  otherwise  go  to  1 . 

3.  Check  the  remainder  of  the  graph  by  the  state  transition  method. 

Figures  7.1.5  through  7.1.8  illustrate  the  application. 
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FIGURE  7.1.7  (CONTINUED) 


FIGURE  7.1.8  RESULT  OF  REPEATED  APPLICATIONS  OF  THE 
REDUCTION  ALGORITHM  TO  FIGURE  7.1.7 
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